Is my PHP authentication script secure? I noticed that the hashes start with the first two letters of the username. Could there be a security flaw using crypt() in such a way?
<?php
// Credentials :
// admin / P4ssW0rd
// j.doe / r0x0r
$cred = array(
    'admin' => 'adkFV/7Pa.Em.',
    'j.doe' => 'j.4AzOhv10e1M'
);
$salt = 'abcdefg';
$user = $_POST['login'];
$pass = $_POST['pass'];
if (isset($cred[$user]) && crypt($salt . $pass, $user) == $cred[$user]) {
    echo 'Access granted';
} else {
    echo 'Access denied';
}
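The following is an added example, not part of the original post. It relates to the question above: when crypt() is given a plain two-character salt (here the start of the username), it uses traditional DES, which reads only the first 8 bytes of its input, and that is also why each hash begins with those two characters. The first part checks what that means for the 7-byte `$salt` prefix, and the second part shows the same login check built on `password_hash()` and `password_verify()`. The function names `legacy_hash`, `enroll` and `verify_login` and the test inputs are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.

// Part 1: what the posted check actually compares.
// With a two-character salt, crypt() selects traditional DES, which reads
// only the first 8 bytes of its input. The 7-byte prefix 'abcdefg' therefore
// leaves room for a single byte of the password.
function legacy_hash(string $user, string $pass): string
{
    return crypt('abcdefg' . $pass, $user);
}

// Constructed inputs: same first character, different remainder.
var_dump(legacy_hash('admin', 'P4ssW0rd') === legacy_hash('admin', 'P-different-tail'));

// Part 2: hardened form.
// password_hash() generates a random per-hash salt and stores the algorithm
// and cost inside the hash string, so no site-wide prefix or username-derived
// salt is needed.
function enroll(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function verify_login(array $store, string $user, string $pass): bool
{
    // Verify against a dummy hash for unknown users so that both paths
    // perform one hash computation.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $known = isset($store[$user]);
    $ok = password_verify($pass, $known ? $store[$user] : $dummy);

    return $known && $ok;
}

// Constructed store. In a real deployment the hashes are created once at
// enrolment and persisted; plaintext passwords never appear in the source.
$store = [
    'admin' => enroll('P4ssW0rd'),
    'j.doe' => enroll('r0x0r'),
];

var_dump(verify_login($store, 'admin', 'P4ssW0rd'));         // correct password
var_dump(verify_login($store, 'admin', 'P-different-tail')); // same first character only
var_dump(verify_login($store, 'nobody', 'P4ssW0rd'));        // unknown user
```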